-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 30 April 2001.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-2 and 4-42 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-2 and 4-42 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.
DETAILED ACTION



1. This office action responds to the amendment received on 02/03/2005.

2. Claims 1, 4 and 6 are amended.

3. Claim 3 is canceled.

4. Claims 40-42 are newly added.

5. Claims 1-2, and 4-42 are pending.

6. The Examiner acknowledges receipt of the applicant's amended specification dated
02/03/2004 and has considered it.



Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

8. Claims 1-2 and 4-7 are rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter. The language of claims 1-7 consists solely of a
computer program, which is nonstatutory functional descriptive material. A system of computer
programs is also nonstatutory functional descriptive material. The language of the claims does
not recite any computer hardware involvement.

Claim Rejections - 35 USC § 102

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

10. Claims 1-2, and 4-42 are rejected under 35 U.S.C. 102(e) as being anticipated by Cook et 
al, US Patent 6820082, hereinafter "Cook". 

11. As per claims 1 and 4, Cook discloses "A system comprising: a pluggable security policy
enforcement module configured to be replaceable in the system and to provide different
granularities of control for a business logic in the system" in (Col 1 lines 25-29, and Col 2 lines
15-28), "wherein the business logic processes requests submitted to the system, wherein the
pluggable security policy enforcement module is further configured to determine, for a particular
granularity of control, whether to permit an operation, requested by a user, based at least in
part on a permission assigned to the user" in (Col 2 lines 29-59).

12. As per claims 2, 16, 28, and 38, Cook discloses "A system as recited in claims 1, 8, 27, 
and 35, wherein the different granularities of control comprise a plurality of sets of rules that can 
be replaced with each other without altering the business logic" in (Col 2 lines 15-54). 

13. As per claim 6, Cook discloses "A system comprises: a pluggable security policy
enforcement module configured to be replaceable in the system and to provide different
granularities of control for a business logic in the system" in (Col 7 line 8 to Col 9 line 60),
"wherein the different granularities of control comprise a plurality of sets of rules, and wherein 
each set of rules includes a plurality of permission assignment objects, wherein each of the 
permission assignment objects associates a user with a particular role, wherein each particular 
role is associated with one or more permissions, and wherein each of the one or more 
permissions identifies a particular operation and context on which the operation is to be 
performed" in (Col 7 line 8 to Col 9 line 60). 

14. As per claims 5, 21, 29, and 34, Cook discloses "A system as recited in claims 4, 20, 27, 
and 33, wherein the control module is further configured to return a result of the determining to 
the business logic" in (Col 5 lines 29-41). 

15. As per claims 7, 18, and 25, Cook discloses "A system as recited in claims 6, 17 and 24,
wherein each of the permission assignment objects further identifies whether the one or more
permissions in the particular role are granted to the user or denied to the user" in (Col 7 lines 30-40).

16. As per claims 8-9, 11, 15, and 33, Cook discloses "One or more computer-readable media 
comprising computer-executable instructions that, when executed, direct a processor to perform 
acts including: receiving a request to perform an operation" in (Col 4 lines 10-50); "checking 
whether to access a business logic in order to generate a result for the requested operation;
obtaining, from the business logic, a set of zero or more additional tests to be performed in order 
to generate the result; performing each additional test in the set of tests if there is at least one test 
in the set of tests" in (Col 5 lines 29-41); "checking a set of pluggable rules to determine the 
result of the requested operation; and returning, as the result, a failure indication if checking the 
business logic or checking the set of pluggable rules indicates that the result is a failure, 
otherwise returning, as the result, a success indication" in (Col 5 lines 18-41, and lines 42-65). 

17. As per claims 10 and 19, Cook discloses "One or more computer-readable media as 
recited in claim 8, wherein the receiving comprises receiving, as part of the request, an indication 
of a user, and wherein the checking the set of pluggable rules comprises comparing an object 
associated with the user to the rules in the set of pluggable rules and determining whether the 
operation can be performed based at least in part on whether the user is permitted to perform the 
operation" in (Col 5 lines 5-15). 

18. As per claims 12-13, 22, 32, and 37, Cook discloses "One or more computer-readable 
media as recited in claims 12, 19, 31, and 36, wherein the high-level permission concepts include 
an operation and a context, wherein the operation allows identification of an operation to be 
performed and the context allows identification of what the operation is to be performed on" in 
(Col 6 lines 11-30). 

19. As per claim 14, Cook discloses "One or more computer-readable media as recited in
claim 8, wherein the computer-executable instructions are implemented as an object" in (Col 6 
lines 38-54). 

20. As per claims 17, 24, and 30, Cook discloses "A system as recited in claims 1, 8, 19, and 
26, wherein the different granularities of control comprise a plurality of sets of rules, and 
wherein each set of rules includes a plurality of permission assignment objects, wherein each of 
the permission assignment objects associates a user with a particular role, wherein each 
particular role is associated with one or more permissions, and wherein each of the one or more 
permissions identifies a particular operation and context on which the operation is to be 
performed" in (Col 7 line 8 to Col 9 line 60). 

21. As per claims 20 and 27, Cook discloses "A system as recited in claims 19, and 26, 
wherein the pluggable security policy enforcement module includes a control module configured 
to determine whether to permit an operation based at least in part on accessing the business logic 
to identify one or more additional tests to perform, and further configured to perform the one or 
more additional tests" in (Col 6 lines 38-54). 

22. As per claim 23, A method as recited in claim 19, Cook discloses "wherein the method is 
implemented in an object having a plurality of interfaces for requesting a determination as to 
whether to permit a plurality of operations including the operation requested by the user" in (Col 
4 line 64 to Col 5 line 15). 

23. As per claim 26, Cook discloses "A method comprising: receiving a request to perform
an operation; accessing a set of low-level rules, wherein the low-level rules are defined in terms
of high-level concepts; checking whether a user requesting to perform the operation is entitled to
perform the operation based at least in part on the set of low-level rules; and returning an
indication of whether the operation is allowed or not allowed" in (Col 6 lines 11-30).

24. As per claim 31, Cook discloses "A method comprising: assigning high level security
concepts to an application domain; and allowing a set of pluggable rules to define low-level 
rules, in terms of the high level security concepts, for different business logic in the application 
domain" in (Col 7 lines 8 to Col 8 lines 61). 

25. As per claim 35, Cook discloses "An architecture comprising: a plurality of resources; a 
business logic layer to process, based at least in part on the plurality of resources, requests 
received from a client; and a pluggable security policy enforcement module to enforce security 
restrictions on accessing information stored at the plurality of resources" in (Col 7 lines 8 to Col 
8 lines 61). 

26. As per claim 36, Cook discloses "An architecture as recited in claim 35, wherein the 
pluggable security policy enforcement module defines high-level permission concepts for 
security rules and further defines a set of security rules using the high-level permission concepts" 
in (Col 7 lines 8 to Col 8 lines 61). 

27. As per claim 39, Cook discloses "An architecture as recited in claim 35, wherein the
pluggable security policy enforcement module is configured to determine, based at least in part 
on a permission assigned to a user and on one or more additional tests identified by accessing the 
business logic layer, whether to permit an operation to access information at the plurality of 
resources" in (Col 7 lines 8 to Col 8 lines 61). 

28. As per claim 40, Cook discloses "A system as recited in claim 1, wherein the system is 
configured as a multi-layer architecture, wherein the business logic is implemented as a business 
logic layer of the multi-layer architecture" in (Col 7 lines 30-40). 

29. As per claim 41, Cook discloses "A system as recited in claim 1, wherein the pluggable 
security policy enforcement module is configured to receive an input from the business logic in 
the form of a user indication and an item indication" in (Table 2-4). 

30. As per claim 42, Cook discloses "A system as recited in claim 1, wherein the pluggable 
security policy module includes an interface that provides the following interface functionality: 
first functionality for testing whether an identified item can be approved by a specified user" in 
(Col 6 lines 38-54); "second functionality for testing whether the identified item of a specified 
type can be created by the specified user" in (Col 6 lines 25-30); "third functionality for testing 
whether the identified item of a specified type can be deleted by the specified user" in (Col 6 
lines 25-30); "fourth functionality for testing whether the identified item can be modified by the 
specified user" in (Col 6 lines 25-30); and "fifth functionality for testing whether the identified
user can examine details of the identified item" in (Col 7 lines 35-40). 

Response to Arguments 

31. Applicant's arguments filed 02/03/05 in response to the 35 U.S.C. 101 rejection have been
fully considered but they are not persuasive. See rejection above.

32. Applicant's arguments, see Amendment, filed 02/03/05, with respect to the rejection(s) of
claim(s) 1-2, and 4-39 under 35 U.S.C. 102(e) and 35 U.S.C. 103 have been fully considered and
are persuasive. Therefore, the rejection has been withdrawn. However, upon further
consideration, a new ground(s) of rejection is made in view of Cook. See rejection above.

Conclusion 

33. Any inquiry concerning this communication from the examiner should be directed to 
Linh Son whose telephone number is (571)-272-3856. 

34. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (571)-272-3859. The fax numbers for this group are 
(703)-872-9306 (official fax). Any inquiry of general nature or relating to the status of this 
application or proceeding should be directed to the group receptionist whose telephone number is
(571)-272-2100. 

35. Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).




Linh LD Son
Patent Examiner



